Unexpected Usage and more blocked requests from OpenAI service

Question

Unexpected Usage and more blocked requests from OpenAI service

Vishnuram Jatin 20

Hello,

Recently I have suddenly been charged almost 1000 dollars from March and it is due to high input token usage of OpenAI. However my usage and the project does not consume any tokens and it is astonishing to see that from March my token usage has been surged up and also blocked requests in the metrics show that many questions are sexual and harmful. It means that my token is being misused to someone I have not received any alerts or information regarding this matter. I want to know how to resolve this issue.

As you can see from the screenshots, my usage is expected to be as the usage of February but definitely not March and April.Please guide me on how to proceed this privacy and security issue. march_blocked_request

february_blocked_request

march_token_usage

feb_token_usage

Prashanth Veeragoni 4,930 Reputation points Microsoft External Staff Moderator

2025-04-11T18:26:20.0766667+00:00

Hi Vishnuram Jatin,

I hope your ask is about azure OpenAI

Azure has its own API key management, monitoring, and billing systems. Here's how you can proceed with your situation — which appears to be a serious security breach or token misuse via Azure OpenAI.

Immediate Steps to Handle Unauthorized Azure OpenAI Usage:

1.Revoke or Regenerate Azure OpenAI API Keys

·       Go to Azure Portal

·       Navigate to your OpenAI resource → Keys and Endpoint

·       You will see Key 1 and Key 2

·       Immediately regenerate both keys to invalidate old ones

Regenerating the keys ensures any compromised access is blocked instantly.

2.Disable or Limit Access Using Azure Role-Based Access Control (RBAC)

·       Go to your Azure OpenAI resource → Access Control (IAM)

·       Review all users/service principals with access

·       Remove or restrict access to only trusted personnel or apps

3.Analyze Usage Metrics

·       Go to Azure Portal → OpenAI Resource

·       Navigate to “Metrics” (under Monitoring)

·       Set the time range to March–April

·       Track the token usage per endpoint like /v1/chat/completions

Look for:

·       Spikes in token usage

·       Unusual behavior (e.g., offensive prompts)

·       High usage from unknown IPs

You can also set up Diagnostic Settings to stream logs to:

·       Log Analytics

·       Event Hub

·       Storage Account (for audit history)

Azure OpenAI token usage: Strategies for Optimizing High-Volume Token Usage with Azure OpenAI

Additional Recommendations:

·       Do not expose your API key in client-side JavaScript, GitHub, or public repositories

·       Use Azure Managed Identity or Key Vault for secure key access in production

·       Regularly rotate API keys

Hope this helps, do let me know if you have any further queries.

Thank you!
Prashanth Veeragoni 4,930 Reputation points Microsoft External Staff Moderator

2025-04-14T13:24:58.99+00:00

Hi Vishnuram Jatin,

Following up to see if the above suggestion was helpful. And, if you have any further queries do let me know.

Thank you!
Vishnuram Jatin 20 Reputation points

2025-04-14T19:19:55.8866667+00:00

Hi,

As requested I have regenerated the key yesterday and I am not getting any further blocked requests or high token usage. I am surprised as to how it got leaked as I have not exposed it in any public repository or client side JS. Any insights on how did it occur would be helpful.

Accepted answer

0 additional answers

Your answer

Prashanth Veeragoni 4,930 Reputation points Microsoft External Staff Moderator

2025-04-11T18:26:20.0766667+00:00

Hi Vishnuram Jatin,

I hope your ask is about azure OpenAI

Azure has its own API key management, monitoring, and billing systems. Here's how you can proceed with your situation — which appears to be a serious security breach or token misuse via Azure OpenAI.

Immediate Steps to Handle Unauthorized Azure OpenAI Usage:

1.Revoke or Regenerate Azure OpenAI API Keys

· Go to Azure Portal

· Navigate to your OpenAI resource → Keys and Endpoint

· You will see Key 1 and Key 2

· Immediately regenerate both keys to invalidate old ones

Regenerating the keys ensures any compromised access is blocked instantly.

2.Disable or Limit Access Using Azure Role-Based Access Control (RBAC)

· Go to your Azure OpenAI resource → Access Control (IAM)

· Review all users/service principals with access

· Remove or restrict access to only trusted personnel or apps

3.Analyze Usage Metrics

· Go to Azure Portal → OpenAI Resource

· Navigate to “Metrics” (under Monitoring)

· Set the time range to March–April

· Track the token usage per endpoint like /v1/chat/completions

Look for:

· Spikes in token usage

· Unusual behavior (e.g., offensive prompts)

· High usage from unknown IPs

You can also set up Diagnostic Settings to stream logs to:

· Log Analytics

· Event Hub

· Storage Account (for audit history)

Azure OpenAI token usage: Strategies for Optimizing High-Volume Token Usage with Azure OpenAI

Additional Recommendations:

· Do not expose your API key in client-side JavaScript, GitHub, or public repositories

· Use Azure Managed Identity or Key Vault for secure key access in production

· Regularly rotate API keys

Hope this helps, do let me know if you have any further queries.

Thank you!
Prashanth Veeragoni 4,930 Reputation points Microsoft External Staff Moderator

2025-04-14T13:24:58.99+00:00

Hi Vishnuram Jatin,

Following up to see if the above suggestion was helpful. And, if you have any further queries do let me know.

Thank you!
Vishnuram Jatin 20 Reputation points

2025-04-14T19:19:55.8866667+00:00

Hi,

As requested I have regenerated the key yesterday and I am not getting any further blocked requests or high token usage. I am surprised as to how it got leaked as I have not exposed it in any public repository or client side JS. Any insights on how did it occur would be helpful.

Answer 1

Hi Vishnuram Jatin,

Thank you for confirming that regenerating the key resolved the issue. Regarding your concern about how the key might have been compromised — even if it wasn’t exposed publicly — here are several possible vectors for leakage to consider:

1.Accidental Exposure via Logs or Debug Output

Even though the key wasn't in a public repo or client-side code, it might have been:

· Printed in server logs or stack traces

· Logged during exception handling or debugging

· Captured in monitoring tools like Application Insights, Sentry, etc.

Recommendation: Double-check your logs, especially in development and staging environments.

2.Local Machine or Dev Environment Vulnerability

If your system was compromised (via malware or a browser extension), keys stored in local .env files or config files could have been read.

Recommendation: Use a password manager or Azure Key Vault, and avoid storing secrets locally.

3.Shared Collaborators or CI/CD Pipelines

If anyone else had access to:

· Your codebase

· CI/CD pipelines (GitHub Actions, Azure DevOps, etc.)

· DevOps secrets or environment variables

They might have had visibility into the key.

Recommendation: Rotate keys regularly and audit access controls.

4.Insecure Hosting or Public API Endpoints

If the key was used on a public or test endpoint (even temporarily), it could have been captured by bots scanning exposed APIs.

Recommendation: Use Azure API Management or rate-limiting gateways, and restrict usage by IP address or network firewall rules.

5.Third-party Libraries or Integrations

If you used any third-party SDKs, libraries, or plugins that accept your key as input, they may have inadvertently leaked it (e.g., in telemetry).

Recommendation: Review dependencies and avoid giving sensitive keys to any untrusted service.

Hope this helps. Do let me know if you any further queries.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let me know.

Thank you!

Prashanth Veeragoni 4,930 Reputation points Microsoft External Staff Moderator

2025-04-15T16:03:16.6933333+00:00

Hi Vishnuram Jatin,

Following up to see if the above answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let me know.

Thank You.
Vishnuram Jatin 20 Reputation points

2025-04-15T16:12:30.06+00:00

Hi Prashanth,

Thank you for your answer. I do not have any further queries. I will make sure the new key is safe . Thank you

Share via

Unexpected Usage and more blocked requests from OpenAI service

0 additional answers

Your answer